Cybercriminals are increasingly targeting health organizations of all sizes. The rise in healthcare-related cyberattacks suggests that smaller healthcare providers are experiencing a higher rate of cybercrime incidents.
Recently, the Food and Drug Administration (FDA) disclosed that ransomware attacks targeting medical facilities are a major concern and that what we are witnessing is only the visible tip of the iceberg of a much larger problem.
Beyond headline-grabbing cyberattacks, there are hidden risks to patient safety caused by service providers who hack medical devices under the guise of repair and maintenance. This dangerous method of hacking, whether intentional or reckless, poses significant cyber risks comparable to professional ransomware attacks.
Unfortunately, the use of medical devices for malicious purposes is often disregarded or not given enough attention by the medical device community, physicians, and patients who rely on these devices for critical life-saving treatments and services.
Additionally, when examining the primary factors contributing to the rise in attacks on healthcare organizations, we can identify the following common reasons:
- Patient medical and billing information can be swiftly sold by malicious actors on the darknet for insurance fraud.
- The ability of ransomware to seize control of patient care and administrative systems increases the likelihood of substantial ransom payments.
- Tampering with internet-connected medical devices is a significant vulnerability.
Following the report, the FDA stated that “Cybersecurity is a widespread issue affecting medical devices connected to the Internet, networks, and other devices. Cybersecurity is the process of preventing unauthorized access, modification, misuse or denial of use, or the unauthorized use of information that is stored, accessed, or transferred from a medical device to an external recipient.”
The FDA's paper on improving cybersecurity practices for servicing medical devices explores how service entities can enhance the cybersecurity of these devices.
According to the discussion paper, the FDA “defines service to be the repair and/or preventive or routine maintenance of one or more parts in a finished device, after distribution, for purposes of returning it to the safety and performance specifications established by the original equipment manufacturer (OEM) and to meet its original intended use.”
These crimes have caused various disruptions, such as missed chemotherapy appointments and delayed ambulances. Sometimes the services and devices do not work, which increases the risk of patients not getting treatment or health services at the right time.
Ransomware is a very dangerous form of cyberattack that is gaining a foothold in every industry. For instance, the May ransomware attack on Colonial Pipeline resulted in gas shortages and panic buying.
Hackers also targeted the JBS meat processing company, raising concerns about potential meat shortages and the vulnerability of essential food providers. In another incident, the Baltimore County Public Schools system experienced a ransomware attack last fall, forcing a two-day halt to virtual classes.
Cybersecurity has a huge impact on every facet of the healthcare industry, encompassing the protection of confidential health data, insurance rates, and patient care. It is becoming essential for medical and device manufacturing companies to advance their methods against increasing cyber threats.